What this audit checks
Authentication & access
- OAuth2 token valid (auth on /rest/v11_24/me) and not expired/revoked
- Instance URL reachable and REST API version (v11_x) responding
- API user role/ACL grants read on Contacts, Opportunities, Campaigns and ProspectLists
- Dedicated OAuth2 platform set (not the default ‘sugar’) so the integration does not evict the merchant’s UI session
Deliverability & sender reputation
- Bounce rate above 5% sustained over the trailing 30 days (list hygiene / SPF-DKIM rot)
- Spam-complaint rate above 0.3% (sender-reputation risk)
- Unsubscribe rate above 2% (list fatigue or off-target content)
- Delivery rate below 95% (inbox-provider rejection)
- Invalid-email / opt-out share of the contact base rising week-over-week
Campaign & automation health
- Marketing campaigns stuck in Planning/Draft and never moved to Active (lifecycle revenue left on the table)
- Active flows with last_enrolled_at older than the schedule window (broken trigger criteria)
- Flow estate skewed to paused/inactive (abandoned automation)
- Campaign open-rate or click-rate dropped > 1 band vs prior period
List hygiene & targeting
- Target lists with low active-member share (decaying audience)
- Many small lists with overlapping membership (list sprawl diluting targeting)
- Exempt / suppression lists growing faster than the deliverable base
- Lists not refreshed (date_modified) within the campaign cadence
Revenue attribution & efficiency
- Campaign-attributed revenue per send below the account baseline
- Refund rate on campaign-attributed orders above 5%
- Checkout-to-order rate falling vs prior period (post-click drop-off)
- High-send campaigns with near-zero attributed revenue (spend without return)
Cross-channel: revenue-at-risk (the killer area)
- SugarCRM campaign-attributed revenue diverges > 30% from the commerce sibling’s order revenue for the same contacts (over-/under-attribution)
- Paying ecom customers (commerce sibling) with no SugarCRM contact or campaign engagement (CRM coverage gap / missed lifecycle revenue)
- Contacts opted-out / invalid-email in SugarCRM who are active buyers on the storefront (deliverable revenue cut off)
- Opportunity Closed Won with no matching ecom order within 7 days (revenue-recognition gap)
Severity thresholds
| Signal | Warn | Critical |
|---|---|---|
sug_bounce_rate | 2 | 5 |
sug_spam_rate | 0.1 | 0.3 |
sug_unsubscribe_rate | 0.5 | 2 |
sug_delivery_rate | 98 | 95 |
sug_refund_rate | 1 | 5 |
sug_email_open_rate | 20 | 10 |
Data sources
GET /rest/v11_24/me- Auth + API user / instance sanityGET /rest/v11_24/Contacts- Contact inventory, opt-out / invalid-email and lead-source breakdownGET /rest/v11_24/Opportunities- Opportunity pipeline, sales_stage and Closed Won reconciliationGET /rest/v11_24/Campaigns- Campaign sends, deliverability counters and attributed revenueGET /rest/v11_24/pmse_BpmFlow- Flow (process) inventory, status and enrollment recencyGET /rest/v11_24/ProspectLists- Target-list inventory, entry counts and active-member share